Google Accelerates Chrome Development, Security

Friday Jul 23rd 2010 by Sean Michael Kerner

Share:

Making a faster browser isn't good enough for Google, which also want to release more often and fund more security research, too.

The basic premise behind the Agile software development methodology is to release early and often to increase incremental innovation. It's an approach that Google is now set to fully embrace with open arms for its Chrome Web browser.

Though new stable updates of Chrome were already coming more often than every other major browser, Google is now set to release new versions twice as fast as it does currently. At present, Chrome users get new major stable releases approximately every 12 weeks. The plan in the next few months is to cut that release cycle in half, delivering major, stable updates to users of Chrome every 6 weeks.

Users of Google developer releases have already seen firsthand the rapid iteration of the browser. Google's Chrome is provided in three different release cycles, called channels, with the developer channel often putting out new releases every week. The beta channel releases come out less frequently and provide more stability than the developer releases. Finally, there are the stable channel releases, which are the editions that Google considers to be suitable for all users.

The developer channel of Google Chrome is currently at version 6, which began development in May. A Chrome 6 Beta release is expected soon.

"Since we are going to continue to increment our major versions with every new release (i.e. 6.0, 7.0, 8.0, 9.0) those numbers will start to move a little faster than before," Anthony Laforge, a program manager at Google, wrote in a blog post. "Please dont read too much into the pace of version number changes -- they just mean we are moving through release cycles and we are geared up to get fresher releases into your hands!"

While getting new major releases into the hands of users more often is a key focus for Google's Chrome team, the company is also ramping up efforts to identify and secure potential flaws and vulnerabilities.

One of the methods that Google uses to help identify flaws in its browser software is by paying out an award to security researchers for the vulnerabilities they uncover. The Chromium Security Reward program began at the beginning of the year with a top reward of $1,337.

Now, to further encourage security experts to probe its software and find exploitable flaws, Google is tripling that reward to a top payment of $3,137 for flaws it deems "critical" -- the highest threat level in Google's severity rating system, according to a blog post by Chris Evans, a Google Chrome security engineer.

"The increased reward reflects the fact that the sandbox makes it harder to find bugs of this severity," Evans wrote, referring to Google Chrome's "sandbox" architectural approach that isolates its rendering engine from the user's operating system.